Saturday, March 18, 2023

setting up cloudflare origin certificates on Windows server

There seemed to be something wrong with win-acme which was preventing automatic renewals of the LetsEncrypt certificate on one of our servers. A possible reason could be that the server is switched off during the night, as it is a test/development server. Anyway, I wanted to try Cloudflare's Origin server certificate instead, as we'd done for a Linux Bitnami server earlier.

This post, https://bytefreaks.net/applications/cloudflare-origin-server-certificate-for-iis-10-server-on-windows-server-2016-to-allow-full-strict-mode-ssl-tls-encryption-mode , gives a good step-by-step guide. (Archived link)

Cloudflare's doc

points to

which is perhaps less clear.

When I try to select the Cloudflare cert in IIS, the following error message is displayed:


I suppose that is because the certificate is from Cloudflare's Origin CA and not from one of the recognized certificate providers. It works with Cloudflare proxying in Full (strict) mode. As the documentation says, "Site visitors may see untrusted certificate errors if you pause or disable Cloudflare on subdomains that use Origin CA certificates. These certificates only encrypt traffic between Cloudflare and your origin server, not traffic from client browsers to your origin."
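For reference, here is the whole procedure from the linked guide as a single script, plus the check that explains the IIS warning above. This is an added example written for this post, not code from the original post or from Cloudflare; it assumes the Origin certificate and private key downloaded from the Cloudflare dashboard are saved as C:\certs\origin.pem and C:\certs\origin.key, that OpenSSL is on PATH, that the IIS site is "Default Web Site", and that the hostname is www.example.com (all of these are placeholders).

```powershell
# Added example (not from the original post or Cloudflare's docs): install a
# Cloudflare Origin CA certificate into the Windows machine store, bind it to
# an IIS site, and show why Windows reports it as untrusted.
# Assumed paths, site name and hostname are placeholders; adjust before use.
# Run in an elevated PowerShell session on the origin server.

$site     = 'Default Web Site'
$hostname = 'www.example.com'
$pemCert  = 'C:\certs\origin.pem'   # "Origin Certificate" from the dashboard
$pemKey   = 'C:\certs\origin.key'   # "Private Key" from the dashboard
$pfxPath  = 'C:\certs\origin.pfx'

# 1. IIS needs the private key alongside the certificate, so bundle the PEM
#    pair into a PKCS#12 (.pfx) file. The export password only protects the
#    temporary .pfx; it is passed to openssl on the command line, so use a
#    throwaway value and delete the .pfx right after importing it.
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX export password'
$plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR(
    [Runtime.InteropServices.Marshal]::SecureStringToBSTR($pfxPassword))
& openssl pkcs12 -export -inkey $pemKey -in $pemCert -out $pfxPath -passout "pass:$plain"
if ($LASTEXITCODE -ne 0) { throw 'openssl pkcs12 export failed' }

# 2. Import into the machine personal store that IIS reads (Cert:\LocalMachine\My).
Import-Module PKI
$cert = Import-PfxCertificate -FilePath $pfxPath `
    -CertStoreLocation 'Cert:\LocalMachine\My' -Password $pfxPassword
Remove-Item $pfxPath -Force

# 3. Create an HTTPS binding on 443 with SNI (SslFlags 1) if one does not
#    exist yet, then attach the certificate to it.
Import-Module WebAdministration
if (-not (Get-WebBinding -Name $site -Protocol https -Port 443 -HostHeader $hostname)) {
    New-WebBinding -Name $site -Protocol https -Port 443 -HostHeader $hostname -SslFlags 1
}
$binding = Get-WebBinding -Name $site -Protocol https -Port 443 -HostHeader $hostname
$binding.AddSslCertificate($cert.Thumbprint, 'My')

# 4. The check behind the IIS warning: the Origin CA root is not in the
#    machine's Trusted Root store, so Windows (like any browser that reaches
#    the origin directly) cannot build a trusted chain. Expect $trusted to be
#    False. That is acceptable only while Cloudflare proxies this hostname in
#    Full (strict) mode, which is the only client that trusts the Origin CA.
$trusted = Test-Certificate -Cert $cert -Policy SSL -DNSName $hostname -ErrorAction SilentlyContinue
"Issuer:                   $($cert.Issuer)"
"Expires:                  $($cert.NotAfter)"
"Chains to a trusted root: $trusted"
```

The script deletes the .pfx immediately after import because it contains the private key; the PEM key file should likewise be restricted to administrators or removed once the certificate is in the store. Keep the orange-cloud proxy enabled for the host and the SSL/TLS mode at Full (strict), since pausing Cloudflare exposes the Origin CA certificate directly to browsers and they will reject it, exactly as the quoted documentation warns.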
